Apple had released its iOS 14 last year that came with new features like privacy rules, stickers, and more. The OS incorporates a new security system called BlastDoor that protects the parsing of bad data from iMessage. This security system has been discovered by a security researcher working with Google’s Project Zero. The story details are available on Google’s Project Zero blog spot. Although Apple never mentioned the security system’s details during the iOS launch in September, a security researcher went on to discover the existence of this feature via a reverse engineering project.
The BlastDoor system works as a sandbox to separate data processing on the messaging platform from other software elements that are believed to protect the user from specific attacks carried out via the iMessage client.
Samuel Groß, who was working with Google’s Project Zero team as a security researcher, had discovered the BlastDoor system hidden in iOS 14, who wrote a blog post mentioning the scope of the new system that protects the users from bad attacks. He discovered the new security system via a reverse engineering project using iPhone XS running iOS 14.3 and M1 Mac Mini running macOS 11.1.
BlastDoor has been designed to specifically work with iMessage, unlike other sandbox systems in iOS, to protect different functions. With this, it unpacks the incoming messages. It would process their content within an isolated and secured environment, hence protecting the software, even if there were malicious code in the message.
The existing mechanism is used to allow attackers to gain user data access through iMessage. Still, in 2019, Groß and his security researcher Natalie Silvanovich found “zero interaction” flaws in iMessage, which allowed attackers to read content files stored on an iPhone without requiring users to interact with any notification or message. This is likely to be addressed with the BlastDoor system now.